SOP-10: Business Email Compromise (BEC) Response

SOC analyst SOP for BEC — inbox rule abuse, AiTM phishing, OAuth consent grants, account takeover response, wire transfer fraud detection, KQL for Defender/Sentinel, SPL for Splunk, M365/Entra ID containment.

2026-06-15T23:38:20.125Z
Rudra Verma, Senior Security Architect & Researcher